Privacy Policy

1. General Information

DF Serviços Financeiros Ltda, registered under Tax ID No. 63.568.204/0001-43, headquartered at Av. R Rolf Colin, 109 - Sala 3, America, Joinville - SC, ZIP 89204-070, is committed to protecting the personal and financial data of its clients and website visitors, in compliance with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018) and financial sector regulations.

This Privacy Policy describes how we collect, use, store, and protect your sensitive financial information in the context of financial services.

2. Data Collected

We may collect the following information:

• Identification data: Full name, Tax ID (CPF), Company Tax ID (CNPJ), date of birth, nationality, marital status
• Contact data: Email, phone number, residential address, commercial address
• Financial data: Bank account information, income, assets, liabilities, investment portfolio
• Credit data: Credit history, credit score, payment records
• Employment data: Employer information, occupation, income sources
• Investment data: Investment preferences, risk profile, financial goals
• Transaction data: Payment information, transaction history, account statements
• Identification documents: ID, driver's license, proof of address
• KYC data: Know Your Customer information for regulatory compliance
• Browsing data: IP address, browser type, pages visited

3. Purpose of Data Processing

The collected data is used to:

• Provide financial services and investment management
• Open and maintain financial accounts
• Process financial transactions and payments
• Conduct credit analysis and risk assessment
• Provide investment advisory services
• Perform Know Your Customer (KYC) verification
• Comply with anti-money laundering (AML) regulations
• Ensure regulatory compliance and reporting
• Detect and prevent fraud and financial crimes
• Communicate account updates and financial information
• Process service payments and fees
• Provide customer service and support
• Improve our products and services

4. Legal Basis for Processing

Data processing is performed based on:

• Consent: When you expressly authorize the use of your data
• Contract execution: To fulfill financial service contracts
• Legal obligation: To comply with financial regulations, Central Bank requirements, tax laws, and AML regulations
• Legitimate interest: For fraud prevention, risk management, and service improvement
• Protection of credit: For credit analysis and risk assessment

5. Data Sharing

DF Serviços Financeiros does not sell or commercialize personal or financial data. We may share data only with:

• Central Bank of Brazil: For regulatory reporting and compliance
• Financial institutions: Banks, investment firms, payment processors
• Credit bureaus: For credit analysis and verification (e.g., Serasa, SPC)
• Tax authorities: Federal Revenue Service for tax compliance
• Regulatory bodies: Securities and Exchange Commission (CVM), financial oversight agencies
• Anti-fraud services: For fraud detection and prevention
• Legal counsel: For legal advice and representation
• Service providers: Secure cloud services, cybersecurity, IT infrastructure
• Auditors: For financial audits and compliance reviews
• Insurance providers: For insurance and protection services
• Legal authorities: When required by law, court order, or legal process

6. Data Security

We implement rigorous technical and organizational measures to protect your sensitive financial data:

• 256-bit encryption for all financial transactions
• End-to-end encryption of sensitive personal data
• Multi-factor authentication for all account access
• Secure data centers with redundant systems
• Regular security audits and penetration testing
• 24/7 security monitoring and threat detection
• Fraud detection and prevention systems
• Access controls limited to authorized personnel
• Encrypted communication channels
• Regular employee training on data security
• Incident response and breach notification protocols
• Compliance with PCI-DSS standards for payment data
• Professional liability and cybersecurity insurance

7. Your Rights as Data Subject

Under LGPD, you have the following rights:

• Confirmation and access: Confirm the existence of processing and access your data
• Correction: Request correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion: Request removal of unnecessary data (subject to legal retention requirements)
• Portability: Request data portability in structured format
• Deletion: Request deletion of data processed with consent (subject to legal and regulatory obligations)
• Information: Obtain information about data sharing and processing
• Revocation: Revoke consent (subject to contractual and regulatory obligations)
• Opposition: Object to processing in specific circumstances

8. Cookies and Similar Technologies

We use cookies to improve your browsing experience and enhance security. You can configure your browser to refuse cookies, though this may affect functionality.

9. Data Retention

We retain your data for the time necessary to:

• Fulfill the purposes described in this policy
• Duration of the service relationship
• Financial records: minimum 5 years as required by Central Bank regulations
• Transaction records: 5 years from transaction date
• KYC/AML documentation: 5 years after account closure
• Tax documentation: as required by tax law (generally 5 years)
• Legal prescription periods (generally 5-10 years for financial obligations)
• Central Bank and CVM regulatory requirements
• Fraud prevention and financial crime investigation
• Exercise of legal rights and defense against claims

After these periods, data will be securely deleted or anonymized, except where longer retention is required by law or regulation.

10. International Data Transfer

Your data is primarily stored and processed in Brazil. When we use services with international infrastructure, we ensure adequate data protection measures and compliance with LGPD requirements for international transfers.

11. Minors

Our financial services are intended for individuals over 18 years of age or legally emancipated. We do not provide services to minors without legal guardian authorization and consent.

12. Changes to This Policy

This Policy may be updated periodically to reflect changes in our practices, regulations, or legal requirements. Significant changes will be communicated by email or account notification.

13. Data Protection Officer (DPO)

We have appointed a Data Protection Officer responsible for ensuring LGPD compliance, managing data protection inquiries, and coordinating with regulatory authorities.

14. Contact

To exercise your rights or clarify questions:

We will respond to your requests within 15 calendar days, extendable by another 15 days with justification.

15. Applicable Law and Jurisdiction

This Policy is governed by the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018 (LGPD), Central Bank regulations, CVM regulations, and financial sector laws. The jurisdiction of Joinville/SC is elected to resolve any disputes.

Last updated: December 2025